Just about every telecommunications company in Canada announced plans to enter the voice-over IP business. There were some regulatory investigations first from the CRTC, which had readers puzzling some of the same issues: is it an application or is it a technology?

Mr. Pulver calls his company a phone-service company, but doesn’t want to accept the responsibilities incumbent in providing telephone service, particularly providing 911 ID and location information. I realize this is not easy to do, but the last thing I need is for someone in my home or place of business to not be able to call for help if they or someone else is sick or injured, or finds a fire, or needs the police.

VoIP is not an application as Mr. Pulver claims. It is a technology that is used to encode and decode voice for transmission from one location to another, as are analogue and digital landline and cellular telephone networks. Connecting to the local PSAP with caller ID and ALI are applications. Mr. Pulver and other VoIP providers are at the stage the cellular companies were a few years ago when they were unable to provide that application, and they may as well bite the bullet now and start working on how to do it instead of how to avoid it.

Let’s avoid the automobile situation of a couple of decades ago when the U.S. government decreed that gasoline mileage and safety must be improved. The Japanese companies hired thousands of engineers to do it, the Americans hired thousands of lawyers to fight it, and guess who won and is still winning.

This is fantastic news. Some of my colleagues in the U.S. have the service and not only is it reliable and convenient, it is cheap. I’ve been trying to get the service here, but they won’t accept a Canadian billing address. I’m looking forward to the service being available to us in Canada. We travel a lot, and to have your computer ring when you’re sitting in your hotel room or at Starbuck’s, if you need to be in touch, is a godsend.

Big business loves regulation. It stifles innovation and ensures that the incumbents face less competition. It only makes sense that the battle cry for the CRTC to introduce regulation to VoIP comes from an organization like BCE with the most to lose from a competitive threat to traditional wire-based phone service.

say get rid of the CRTC and let the market sort out the details.

James Broen

Meet the glitches

Diagnosing serious IT problems is sometimes like psychoanalyzing a patient: dig deep enough into the past and you’ll often find the root of the problem. Royal Bank jitterbugged its way around a public relations nightmare and blamed its glitch on an upgrade. In the case of the Ontario government’s welfare hike problem, the finger was pointed at contract foul-ups. In either case, our readers weren’t impressed.

I used to work for the Ontario government for seven years as a senior systems analyst and I was involved in several projects. What I found was that:

1. There was not an experienced IT project manager on an IT project. We need to understand that the government will not trust any new hires and they like to assign the project to the ones that they know. Most frequently, those people are probably good at their areas but not in managing IT projects or solving any technical issues.

2. The vendors will usually assign the sales rep. to be the project manager (the counterpart of the government side). I don’t object to this at all but they should listen to the real techies and the front-line staff.

3. OPSEU wants to hire more IT workers for more membership dues. It does not help the situation at all because qualified people will never want to work for the government because of … we all know the reasons.

4. I joined the government wanting to better serve the public and do a better job to save public money. I was extremely naive. The longer I was with the government, the less I wanted to work because of the discouragement of any initiatives.

It is very obvious that the IT department needs an overhaul, whether minor or major. Why was this done at the end of the month? Why did it take a almost a week to correct the problem? Why did RBC process bills while knowing it couldn’t process its customers payroll into their accounts? As mentioned in the article, public relations in this matter were poor. I think RBC needs to think about hiring competent IT staff and competent management, because it failed miserably on this one also.

In this day and age, good, competent people are waiting to be employed while rookies run the show, and you have the kind of problem RBC had because of that. In this era of superior communication technology and changed attitudes, RBC failed miserably in notifying its customers. Have they become too big for their britches?

Michael MacDonald

You can catch more phish with spam

Readers weren’t impressed with the idea of regulating spam and even less impressed with the pedigree of people that perpetrate phishing schemes. Vendors continue to create anti-spam solutions with some measure of success, but the broader implications of regulating and policing the Internet continue to confound governments.

Many of us in the field might believe that people are being gullible when they fall for phishing e-mails. However, we are being conditioned to trust e-mails by commercial entities such as Canadian Tire whose e-mails link to numeric addresses and IT related e-mails from ZDNet and ITBusiness.ca both of which switch us to various sites underneath the covers. The practice of tracking cookies from otherwise unidentified organizations also conditions us to tolerate exposures.

My belief is that we need to be have more visibility and understandable linkages in e-mail newsletters so that the site clearly is linked to the sender and that cookies and other accesses when we visit a site are clearly related to that site.

Legislation won’t stop spam any more than it has stopped theft. If you believe legislation will work, I challenge you to remove all the locks from your home’s doors and windows.

We have been using EVS Mail for over two years. It’s a technical solution that requires no changes to SMTP nor to legitimate e-mail processes, and has been 100 per cent effective since day one. All legitimate complaints I’ve heard regarding specific features used by other services and products that are similar to EVS Mail have been addressed. With our EVS Mail gateway, we now use less bandwidth than we would even using no spam/virus control.

With the service being based primarily on individual white listing (though it is much more sophisticated than that) and several failsafes, we can be 100 per cent confident that we also don’t lose legitimate mail to false positives. With an efficient and effective technology like this available, why is everyone else running around like chickens with their heads cut off?

You’ve brought up one of the common myths of fighting spam: the need for more laws.

Clearly the U.S. experience to date with CAN-SPAM has lead many to believe, and rightly so, that new laws without teeth, or new laws that are less stringent than those in effect before them (i.e. federal vs. state laws) are a step backward.

The Canadian Association of Internet Providers has been working closely with Industry Canada for over two years now in an attempt to develop a solution to spam that is equitable, effective and enforceable. We have also had the pleasure and honour of meeting with Senator Oliver and Members of Parliament to help them understand the nature of spam and the difficulties our members face every day in combating unwanted junk e-mail.

During these discussions, and as more information is gathered on a global basis, we’ve come to realize that any solution to this crisis is the same as any solution to an epidemic; it requires multi-jurisdictional cooperation and consumer awareness.

CAIP’s members provide more than 80 per cent of all Internet connections in Canada and we work proactively to combat this scourge of the Internet. In the last few years we’ve seen virtually every Canadian ISP implement e-mail filtering to prevent junk e-mail from reaching our clients. This was done not because of fear of future legislation but implemented as a survival tool for ISPs — spam is now approaching 80 per cent of all e-mail traffic. For ISPs large and small, this is done at a not insignificant cost in labour, hardware, bandwidth and outsourced services.

Consumers also play a role in fighting spam. Far too often consumers will respond to an e-mail message, asking to be removed from future mailings. Responding or using a clickable link in a message in the hope of being removed from the spammer’s list, simply confirms to the spammer that the client’s e-mail address is legitimate and therefore of greater value as the spammer can now re-sell that e-mail address.

CAIP encourages legislators to look at existing Canadian laws that can be used to fight spam before we invent new legislation. Some analysts have indicated that over 70 per cent of spam is fraudulent, misleading or deceptive in nature. Canada has capabilities under the criminal code (fraud) or Competition Act (misleading advertising) to fight many spammers. And while you point out some of the jurisdictional issues associated with PIPEDA, e-mail addresses are considered to be personally identifiable information and as such are protected.

We don’t need new laws. We do need adequate resources devoted to cyber-crime. We do need international cooperation. We do need elevated consumer awareness. Only when we have exhausted the latter three items will the former be effective.

Tom CopelandChairmanCanadian Association of Internet Providers

The science of compliance

Months after the enforcement of the Personal Information Protection and Electronic Documents Act, numerous Canadian companies were still playing catch-up. Consulting firms swooped in to offer to set them on the right path, but it proved — and continues to prove — a daunting task.

To be sure, PIPEDA is a cultural “”slap upside the head”” for companies not used to caring about confidentiality. It was a long time coming in Canada, and in spite of any short-comings, is a good base to begin to clean up Canadian corporations. After some experience with it and any related provincial legislation, they will come to realize the inevitability of it, even if they choose to ignore the necessity.

PIPEDA may even have the side benefit of simplifying and down-sizing databases, by eliminating information not really required by the business function anyway. Developers and consultants may be forced to really think about database design for a change. Could that be a bad thing? If a business function really does require restricted data, it may force them to secure it better. In today’s world of spyware, viruses, worms, trojans, etc., can that be a bad thing?

Overall, I think PIPEDA is good and necessary. As in all things new, it may not be perfect, but it’s a good start. The initial confusion about the act is, to me, just an indicator of how bad the status of corporate protection of private information is in this, our home and native land.

Kudos to the CICA, for taking the lead in providing implementation assistance.

Bruce Edwardes

Shore thing

The term “”offshore”” has escaped the ranks of IT shops and entered the public consciousness. Offloading work to a company that can do it better, or mortgaging your future to save a buck? The answer was evident to most readers.

Over the past few months, I’ve been making a point of responding to articles and letters about offshore outsourcing since it’s my fervent belief that the value model for outsourcing software development is flawed.

Companies are indeed saving money by sending the development overseas, but that’s only in comparison to their existing processes. Offshore development is suboptimal at best. Research by the Standish Group has consistently shown that the software customer’s close involvement is a critical success factor in any development project. The moment the development is moved across the street or around the world, that involvement is adversely affected.

The offshore model typically uses prescriptive software development methodologies that require considerable up-front analysis and design work in order to “”nail down”” all of the system’s requirements and design before any coding is performed. As a result, it is months if not years before any business value is delivered to the customer in the form of a working system.

The use of agile development processes such as Extreme Programming focuses on delivering that value as soon as possible. These methodologies recognize that it’s impossible to have requirements that never change due to changes in the business, or that weren’t articulated very well in the first place. In addition, especially with Extreme Programming, there is an intense focus on testing the system from Day 1, resulting in much higher quality and reduced overall development cost.

Furthermore, these processes use smaller teams that could reduce the staff overhead costs on a project without using cheaper offshore labour.

The bottom line is that companies who are exploring the offshore outsourcing model could very likely benefit just as much, if not more, from using a different development process. If they are open to changing the way they develop software to offshore, why shouldn’t they be open to changing the way they develop software to agile development?

There are certain jobs (or a portion of certain jobs) we should want to keep in Canada to ensure we can stay competitive. Coding may seem low-level, but it quickly ties into business and technical analysis, design, system architecture and so on. Unlike buggy whips, coding is a foundation for more critical roles.

As for Kevin Yan saying, “”We’re culturally indoctrinated (in North America) to want to advance and move ahead to bigger projects. In India, it’s different. They like doing the same thing. They appreciate the stability of the job.”” — obviously he’s never worked with the Indians he talks about. I’m currently based in India, and the developers here want to be module leaders after a year and project managers a year after that. They’re MORE ambitious than most of the developers I work with in Canada.

In the shadows of open source training for thinkers(In other words, the best of the rest)

In an effort to keep tabs on what makes the industry tick these days, we offered coverage on shadow IT departments, Microsoft’s latest machinations on open source, the relevance of technology training programs today and other topics we think you’d like to read about. Thanks for writing in and we look forward to more of your letters in 2005.

It is time that corporations realize that IT must become decentralized to be effective. IT staff should take on the role of consultant and be farmed out to the departments so that they not only reside in the department for which they are assigned but are given the chance to really learn and get a feel for how the department operates, what constraints it faces, what its needs are. This way they can work closely with everyone in that department and develop the best tools and provide that instant service since they are dedicated to that department. Of course the department’s budget needs to account for the services of the resident IT professional for the time that this person is there.

You still can set a standard and still centralize such things as disaster recovery, backups, corporate system upgrades, etc. With knowledge workers having spent time in the department IT provides the information in advance that an upgrade will have a negative impact in a certain area before the fact and not after the rollout.

IT people need to spend time to learn the business if they are to continue to be an asset to the company. Though IT people are well trained in software, hardware, and communications, most know little if nothing of the departments they serve.

It’s time to bring the IT department down from its ivory tower and put it in the trenches where it will truly do some good.

Far from being a flashpoint of controversy about Free/Libre and Open Source Software (FLOSS), we had Jason Matusow from Microsoft talking about the importance of open source and interacting properly with the larger developer, user and customer communities.

Microsoft spoke about how there is BSD Unix code in Microsoft Windows, and how Microsoft continues to run Hotmail on BSD Unix. He spoke about different examples of the acquisition, use, creation and distribution of non-copyleft Open Source software at Microsoft.

While Microsoft is not supportive of copyleft licenses like the GNU General Public License (GPL), which they still don’t understand, they have come quite a long way from the past when all FLOSS was a cancer and would destroy the world. It is hard to claim that something you depend on for your business needs is destroying the world.

With much of the Microsoft rhetoric from the past out of the way, talking about core business needs (their own and their customers) will finally lead all of us to a better understanding the importance of free/libre and open source in a free/libre and open market in software.

Note: For those who want to learn about BSD Unix, parts of which are in every major operating system from Microsoft Windows to Mac OS-X to Linux, please see http://www.bsdcan.org, the first BSD Conference in Canada.

I had to comment on your article. As a recent undergrad with an Honours degree I decided to enhance my health degree with an Applied IT Diploma. After looking at a variety of institutions I decided to go with IT.

I am currently enrolled in the IT (Institute for Information Technology) program and all the curriculum is outdated, even months before I graduate. As a single mother of two and $21,000 later this was not the way to go.

As prospective students we were promised the latest and current technology….we haven’t even touched .Net! The only way to keep abreast of the latest technology, I believe, is ongoing workshops . . . a happy balance of theory in class and the hands-on in workshops. Keeping part of the curriculum the same, such as information modeling or the software development lifecycle, but using workshops to reflect current trends in technology, etc.

The only good thing about IT is the networking/contacts I made and in particular the career services professionals they bring in to talk to us about such articles as the one you have posted!

Angelique Cain

Letters to the editor must include the writer’s name and company name along with an e-mail address or other contact information. All letters become the property of ITBusiness.ca. Editors reserve the right to edit submissions for length and content.